> web server) now required Network password to logon.
> I suspected it's NT Challenge/Response and IIS Security
> problem with his new setup.
>
> Did quick research to confirm my suspicion, seems that my
> suspicion is valid, it seems at least two situations would
> result in the above-mentioned problem:
> 1) Anonymous Access with an NT/its class OS IIS user account,
> IUSR_{machineOrHostName} has been disabled under Integrated
> Windows Authentication schema (haven't tested other two
> authen. schemas).
> 2) The default IIS user account, IUSER_{machineOrHostName)
> has been disabled.
>
> I've tested the above two scenarios separately with same
> result, that is, NT logon is prompted when accessing a site.
>
> Is there/ are there any further scenarios that cause the same
> NT access problem? Security gurus, you'll make my days.
For anonymous access to work, the IUSR_MACHINENAME account must have execute
permissions to CF files and it must have execute permissions to the CF ISAPI
extension. On CF 5, that extension is typically c:\cfusion\bin\iscf.dll, and
on CFMX it's something like c:\cfusionmx\runtime\lib\wsconfig\1\jrun.dll.
The exact path for the CFMX ISAPI extension will depend on how you've
installed CFMX, but you can just look in the IIS management console under
the list of ISAPI extensions to find out for sure.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
phone: 202-797-5496
fax: 202-797-5444
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
